Security News

A new open-source 'S3crets Scanner' scanner allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or company's Amazon AWS S3 storage buckets. In addition to application data, source code or configuration files in the S3 buckets can also contain 'secrets,' which are authentication keys, access tokens, and API keys.

Does your organization spend countless resources hardening operating systems in the cloud? That's why CIS pre-hardens virtual machine images to CIS Benchmark standards. See how these CIS Hardened Images work by trying one in your cloud environment.

Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services credentials, posing a major security risk. "Over three-quarters of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter team, a part of Broadcom Software, said in a report shared with The Hacker News.

Researchers at Symantec's Threat Hunting team, part of Broadcom Software, found 1,859 applications containing hard-coded AWS credentials, most of them being iOS apps and just 37 for Android. The threat analysts highlight three notable cases in their report where the exposed AWS tokens could have had catastrophic consequences for both authors and users of the vulnerable apps.

From there they can send phishing messages carrying the AWS name into corporate emails systems to both get past scanners that typically would block suspicious messages and to add greater legitimacy to fool victims, according to email security vendor Avanan. In a report this week, researchers with Avanan - acquired last year by cybersecurity company Check Point - outlined a phishing campaign that uses AWS and unusual syntax construction in the messages to get past scanners.

AWS and Splunk are leading an initiative aimed at creating an open standard for ingesting and analyzing data, enabling enterprise security teams to more quickly respond to cyberthreats. "Today's security leaders face an agile, determined and diverse set of threat actors," officials with cybersecurity vendor Trend Micro, one of the initial members of OCSF, wrote in a blog post.

Compromising an organization's cloud infrastructure is like sitting on a gold mine for attackers. Sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire infrastructure.

Amazon's cloud platform is extending security capabilities for a couple of its widely used services; Amazon Elastic Block Store and Amazon Elastic Kubernetes Service. Amazon GuardDuty is described as a threat detection service that can continuously monitor AWS accounts and workloads for malicious activity, and can initiate automated responses.

AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster. Amazon updated all EKS clusters worldwide as of June 28, and the new version of the AWS IAM Authenticator for Kubernetes fixes the flaw.

Sonatype researchers have discovered Python packages that contain malicious code that peek into and expose secret AWS credentials, network interface information, and environment variables. All those credentials and metadata then get uploaded to one or more endpoints, and anyone on the web can see this.